Securing the IoT: a tele-dildo controlled through the Tor network

From the Boing Boing Shop

Follow Us

Security researcher Sarah Jamie Lewis wanted to demonstrate that the horrific stories of insecure networked sex-toys (and other Internet of Things devices) was the result of manufacturers' negligence, not the intrinsic limitations of information security.

So she bough a We-Vibe Nova sex toy and hacked it so that it could take commands over the cryptographically secured Tor anonymity/privacy network, using the Ricochet chat protocol to create an extra layer of security. The demo shows that the security problems with the IoT have more to do with the manufacturers' desire to spy on their customers than the difficulty of getting security right.

The online things that are possible to log are the commands being sent, and the onion address of the person sending them

Lewis's approach uses Ricochet, a messaging program which creates a Tor hidden service for each user. Ricochet doesn't just protect the content of users' communications, but also obfuscates their metadata, making it harder for anyone snooping on the connection to see who is talking to whom. Lewis reverse-engineered her dildo, a Nova from Canadian company We-Vibe, so she could communicate with it over bluetooth. When combined, these elements allow anyone who knows the dildo's Ricochet address to send commands, such as "/max," to make the device vibrate. Lewis has uploaded the code to Github so others can try the experiment.

Motherboard started a 'chat' session with Lewis' vibe, and sent a series of simple commands. Lewis then sent a video of the dildo vibrating.

Jonathan "Song A Day" Mann (previously) writes, "On 1/1/19 I hit ten full years of writing a song a day. Part of the idea behind my Song A Day project has always been to find the 'good' songs in that pile (10 years = 3,652 songs) and come back to them to rework until they're […]

CNLohr discovered that underclocking the ESP8266 wifi module's Baseband PLL made the wifi channel progressively narrower, until it could not longer be detected by an unmodified wifi receiver -- but a similarly modified wifi module can detect the narrow signal, creating a s00p3r s33kr1t wifi channel; here's sourcecode (which may violate FCC Part 15 rules, […]

These days, there isn’t much our iPhone camera can’t do – except feel like an actual phone. Despite years of steadily increasing resolution and image sensing technology, we’re still taking shots awkwardly with two hands, fumbling for the shutter button. Leave it to an avid photographer to design Shuttercase, a versatile iPhone case that solves […]

Still determined to keep those New Year’s health resolutions? If you’re going to stick with the exercise plan, it’s enough of a challenge to budget your time. No need for your financial budget to take a hit, too. Here’s a more convenient – and cheaper – alternative to a gym membership or Peloton bike: Two […]

Want a career in web design? It’s true that these days, most anyone can throw up a page or two. But for true workhorse web design, you’ll sometimes need to match the platform to the project. Enter the Complete Front-End Developer Bundle, an educational grand tour around the best tools for the web. For beginners, […]